Add podman support #4982

Draft
wants to merge 20 commits into base: nightly

Conversation

rlenferink commented Jan 13, 2023

Hi,

This pull request extends the mailcow scripts to be able to use podman as container engine instead of Docker. This pull request is related to #2614.

Podman is an open-source tool originally created by Red Hat for managing containers. It is daemon-less and allows users to run containers rootless. Podman has a Docker API compatibility layer, which means the mailcow docker-compose stack works with podman as well, albeit with minor modifications.

Since podman originated at Red Hat, it is fairly simple to get podman working on different distributions that are part of the Red Hat family (RHEL, CentOS, Rocky Linux, Fedora...).

The environment I used for testing:

  • Fedora 37 with Podman 4.3.1 and Docker compose v2.15.1 (development)
  • Rocky Linux 9 with Podman 4.2.0 and Docker compose v2.15.0 (soon to be prod)

This pull request:

  • Sets the security_opt setting to disable SELinux within the container. Note: I still have SELinux enabled on the host in enforcing mode. I couldn't get it to work without this option.
  • Adds an optional helper CONTAINER_ENGINE_PODMAN docker-compose override which can be included in case podman is used. This overrides e.g. the /var/run/docker.sock host mount to the Podman socket (e.g. /run/user/1000/podman/podman.sock).
  • Adds an optional helper CUSTOM_STORAGE_LOCATION docker-compose override which can be included to write data to a folder on disk instead of a Docker/Podman volume. The MAILCOW_STORAGE_DIR is the directory where the data is stored in case this override is used.
  • Since these helper files don't need to be changed and users can just start using them, it is a bit of a hassle to constantly type the compose command with the full path to the override files (e.g. docker-compose-v2 -f docker-compose.yml -f helper-scripts/docker-compose.override.yml.d/CONTAINER_ENGINE_PODMAN/docker-compose.override.yml -f helper-scripts/docker-compose.override.yml.d/CUSTOM_STORAGE_LOCATION/docker-compose.override.yml up -d --remove-orphans). That is why I created a mailcow-compose.sh wrapper which respects the DOCKER_COMPOSE_EXTRA_OVERRIDES option. Some logic in the update.sh script is moved to this wrapper script.
  • One thing that doesn't work yet with podman/docker-compose is IPv6 & DNS. That is why a patch file & script are executed to change the compose file to work with podman. This script is only executed in case the user wants to use podman, otherwise it is ignored. This IPv4 vs IPv6 thing is also the reason why I re-ordered the my.cnf file, since now I can easily append a bind_address using echo.
  • The patch script also disables the sysctls and oom_kill_disable options, since those also don't work. Having the sysctl options set is a prerequisite anyways, since otherwise rootless users are not allowed to bind to port 25. This might be something to document on the website.

The generate_config, reset-admin, reset-learns, update_compose scripts all work for me with Podman and I have mailcow running on my system as we speak 😃

I think that if this is merged, this needs to be described somewhere on the mailcow website as well.

[rlenferink@fedora mailcow-dockerized]$ cat /etc/redhat-release 
Fedora release 37 (Thirty Seven)
[rlenferink@fedora mailcow-dockerized]$ podman --version 
podman version 4.3.1
[rlenferink@fedora mailcow-dockerized]$ docker-compose-v2 --version
Docker Compose version v2.15.1

[rlenferink@fedora mailcow-dockerized]$ podman ps
CONTAINER ID  IMAGE                                    COMMAND               CREATED      STATUS                    PORTS                                                                                                                                       NAMES
34cdb6683f04  docker.io/mailcow/unbound:1.17           /usr/sbin/unbound     3 hours ago  Up 3 hours ago                                                                                                                                                        mailcowdockerized-unbound-mailcow-1
db6f15494e2e  docker.io/mailcow/watchdog:1.97          /bin/sh -c /watch...  3 hours ago  Up 3 hours ago                                                                                                                                                        mailcowdockerized-watchdog-mailcow-1
9242b4bd3e3a  docker.io/library/memcached:alpine       memcached             3 hours ago  Up 3 hours ago                                                                                                                                                        mailcowdockerized-memcached-mailcow-1
ddfdf3344f0e  docker.io/mailcow/dockerapi:2.0                                3 hours ago  Up 3 hours ago                                                                                                                                                        mailcowdockerized-dockerapi-mailcow-1
abfafabf8b5b  docker.io/mailcow/olefy:1.11             python3 -u /app/o...  3 hours ago  Up 3 hours ago                                                                                                                                                        mailcowdockerized-olefy-mailcow-1
794aa164b575  docker.io/library/redis:7-alpine         redis-server          3 hours ago  Up 3 hours ago            127.0.0.1:7654->6379/tcp                                                                                                                    mailcowdockerized-redis-mailcow-1
ee9272550891  docker.io/mailcow/sogo:1.113             /bin/sh -c exec /...  3 hours ago  Up 3 hours ago                                                                                                                                                        mailcowdockerized-sogo-mailcow-1
f7153dc49bb0  docker.io/mailcow/solr:1.8.1             /solr.sh              3 hours ago  Up 3 hours ago            127.0.0.1:18983->8983/tcp                                                                                                                   mailcowdockerized-solr-mailcow-1
743e9db72816  docker.io/mailcow/clamd:1.60             /sbin/tini -g -- ...  3 hours ago  Up 3 hours ago (healthy)                                                                                                                                              mailcowdockerized-clamd-mailcow-1
4994224bb35b  docker.io/library/mariadb:10.5           mysqld                3 hours ago  Up 3 hours ago            127.0.0.1:13306->3306/tcp                                                                                                                   mailcowdockerized-mysql-mailcow-1
25496f1f0889  docker.io/mailcow/phpfpm:1.81            php-fpm -d date.t...  3 hours ago  Up 3 hours ago                                                                                                                                                        mailcowdockerized-php-fpm-mailcow-1
9e6ec5f8c929  docker.io/library/nginx:mainline-alpine  /bin/sh -c envsub...  3 hours ago  Up 3 hours ago            127.0.0.1:11000-11001->11000-11001/tcp                                                                                                      mailcowdockerized-nginx-mailcow-1
b4987e6c8217  docker.io/mailcow/postfix:1.68           /bin/sh -c exec /...  3 hours ago  Up 3 hours ago            0.0.0.0:25->25/tcp, 0.0.0.0:465->465/tcp, 0.0.0.0:587->587/tcp                                                                              mailcowdockerized-postfix-mailcow-1
2f193b60c956  docker.io/mailcow/dovecot:1.21           /bin/sh -c exec /...  3 hours ago  Up 3 hours ago            127.0.0.1:19991->12345/tcp, 0.0.0.0:110->110/tcp, 0.0.0.0:143->143/tcp, 0.0.0.0:993->993/tcp, 0.0.0.0:995->995/tcp, 0.0.0.0:4190->4190/tcp  mailcowdockerized-dovecot-mailcow-1
911143ab7f35  docker.io/mailcow/acme:1.83              /sbin/tini -g -- ...  3 hours ago  Up 3 hours ago                                                                                                                                                        mailcowdockerized-acme-mailcow-1
1f2a424a81a9  docker.io/mailcow/netfilter:1.50         python3 -u /serve...  3 hours ago  Up 3 hours ago                                                                                                                                                        mailcowdockerized-netfilter-mailcow-1
5159bd95b1c9  docker.io/mcuadros/ofelia:latest         daemon --docker       3 hours ago  Up 3 hours ago                                                                                                                                                        mailcowdockerized-ofelia-mailcow-1
4a48fd95da36  docker.io/mailcow/rspamd:1.92            /usr/bin/rspamd -...  3 hours ago  Up 3 hours ago                                                                                                                                                        mailcowdockerized-rspamd-mailcow-1

[rlenferink@fedora mailcow-dockerized]$ ./mailcow-compose.sh ps
Executing: docker-compose-v2 -f docker-compose.yml -f helper-scripts/docker-compose.override.yml.d/CONTAINER_ENGINE_PODMAN/docker-compose.override.yml -f helper-scripts/docker-compose.override.yml.d/CUSTOM_STORAGE_LOCATION/docker-compose.override.yml  ps 
NAME                                    IMAGE                                     COMMAND                  SERVICE             CREATED             STATUS              PORTS
mailcowdockerized-acme-mailcow-1        docker.io/mailcow/acme:1.83               "/sbin/tini -g -- /s…"   acme-mailcow        3 hours ago         Up 3 hours          
mailcowdockerized-clamd-mailcow-1       docker.io/mailcow/clamd:1.60              "/sbin/tini -g -- /c…"   clamd-mailcow       3 hours ago         Up 3 hours          
mailcowdockerized-dockerapi-mailcow-1   docker.io/mailcow/dockerapi:2.0           ""                       dockerapi-mailcow   3 hours ago         Up 3 hours          
mailcowdockerized-dovecot-mailcow-1     docker.io/mailcow/dovecot:1.21            "/bin/sh -c exec /us…"   dovecot-mailcow     3 hours ago         Up 3 hours          110/tcp, 143/tcp, 993/tcp, 995/tcp, 4190/tcp, 127.0.0.1:19991->12345/tcp
mailcowdockerized-memcached-mailcow-1   docker.io/library/memcached:alpine        "memcached"              memcached-mailcow   3 hours ago         Up 3 hours          
mailcowdockerized-mysql-mailcow-1       docker.io/library/mariadb:10.5            "mysqld"                 mysql-mailcow       3 hours ago         Up 3 hours          127.0.0.1:13306->3306/tcp
mailcowdockerized-netfilter-mailcow-1   docker.io/mailcow/netfilter:1.50          "python3 -u /server.…"   netfilter-mailcow   3 hours ago         Up 3 hours          
mailcowdockerized-nginx-mailcow-1       docker.io/library/nginx:mainline-alpine   "/bin/sh -c envsubst…"   nginx-mailcow       3 hours ago         Up 3 hours          127.0.0.1:11000->11000/tcp
mailcowdockerized-ofelia-mailcow-1      docker.io/mcuadros/ofelia:latest          "daemon --docker"        ofelia-mailcow      3 hours ago         Up 3 hours          
mailcowdockerized-olefy-mailcow-1       docker.io/mailcow/olefy:1.11              "python3 -u /app/ole…"   olefy-mailcow       3 hours ago         Up 3 hours          
mailcowdockerized-php-fpm-mailcow-1     docker.io/mailcow/phpfpm:1.81             "php-fpm -d date.tim…"   php-fpm-mailcow     3 hours ago         Up 3 hours          
mailcowdockerized-postfix-mailcow-1     docker.io/mailcow/postfix:1.68            "/bin/sh -c exec /us…"   postfix-mailcow     3 hours ago         Up 3 hours          25/tcp, 465/tcp, 587/tcp
mailcowdockerized-redis-mailcow-1       docker.io/library/redis:7-alpine          "redis-server"           redis-mailcow       3 hours ago         Up 3 hours          127.0.0.1:7654->6379/tcp
mailcowdockerized-rspamd-mailcow-1      docker.io/mailcow/rspamd:1.92             "/usr/bin/rspamd -f …"   rspamd-mailcow      3 hours ago         Up 3 hours          
mailcowdockerized-sogo-mailcow-1        docker.io/mailcow/sogo:1.113              "/bin/sh -c exec /us…"   sogo-mailcow        3 hours ago         Up 3 hours          
mailcowdockerized-solr-mailcow-1        docker.io/mailcow/solr:1.8.1              "/solr.sh"               solr-mailcow        3 hours ago         Up 3 hours          127.0.0.1:18983->8983/tcp
mailcowdockerized-unbound-mailcow-1     docker.io/mailcow/unbound:1.17            "/usr/sbin/unbound"      unbound-mailcow     3 hours ago         Up 3 hours          
mailcowdockerized-watchdog-mailcow-1    docker.io/mailcow/watchdog:1.97           "/bin/sh -c /watchdo…"   watchdog-mailcow    3 hours ago         Up 3 hours          
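
An added example, not part of the pull request or of mailcow's own scripts: a small audit over the JSON rendered by docker-compose config --format json, listing the services affected by the settings this change introduces (SELinux labelling disabled via security_opt, the container-engine socket mounted into a container) plus ports published on all interfaces. The sample configuration is constructed; service names, ports and socket paths are taken from the output above, while which service carries which setting is an assumption.

```python
import json

# File names under which a container-engine API socket is usually exposed (assumed list).
ENGINE_SOCKETS = ("docker.sock", "podman.sock")
# An empty host IP means "all interfaces" in compose port mappings.
ALL_INTERFACES = ("", "0.0.0.0", "::")


def volume_source(vol):
    """Return (host_source, read_only) for a short- or long-syntax volume entry."""
    if isinstance(vol, str):                      # "src:dst[:opts]"
        parts = vol.split(":")
        opts = parts[2].split(",") if len(parts) > 2 else []
        return parts[0], "ro" in opts
    return str(vol.get("source", "")), bool(vol.get("read_only", False))


def port_binding(port):
    """Return (host_ip, published_port) for a short- or long-syntax port entry."""
    if isinstance(port, dict):
        return str(port.get("host_ip", "")), str(port.get("published", ""))
    spec = str(port).split("/")[0]                # drop a trailing "/tcp" or "/udp"
    parts = spec.rsplit(":", 2)
    if len(parts) == 3:                           # "ip:host:container"
        return parts[0].strip("[]"), parts[1]
    if len(parts) == 2:                           # "host:container"
        return "", parts[0]
    return "", ""                                 # container port only, ephemeral host port


def audit(config):
    """Return (service, finding, detail) tuples, ordered by service name."""
    findings = []
    for name, svc in sorted(config.get("services", {}).items()):
        for opt in svc.get("security_opt") or []:
            # Both "label=disable" and "label:disable" turn SELinux separation off.
            if opt.replace(":", "=", 1).strip().lower() == "label=disable":
                findings.append((name, "selinux-label-disabled", opt))
        for vol in svc.get("volumes") or []:
            source, read_only = volume_source(vol)
            if source.endswith(ENGINE_SOCKETS):
                # A read-only bind mount still allows API calls over the socket,
                # so it is reported either way.
                detail = source + (" (ro)" if read_only else " (rw)")
                findings.append((name, "engine-socket-mounted", detail))
        for port in svc.get("ports") or []:
            host_ip, published = port_binding(port)
            if host_ip in ALL_INTERFACES:
                findings.append((name, "published-on-all-interfaces",
                                 published or "ephemeral"))
    return findings


# Constructed sample in the shape of a rendered compose configuration.
SAMPLE = json.loads("""
{"services": {
  "dockerapi-mailcow": {
    "security_opt": ["label=disable"],
    "volumes": [{"type": "bind",
                 "source": "/run/user/1000/podman/podman.sock",
                 "target": "/var/run/docker.sock",
                 "read_only": true}]
  },
  "redis-mailcow": {
    "ports": [{"mode": "ingress", "host_ip": "127.0.0.1",
               "target": 6379, "published": "7654", "protocol": "tcp"}]
  },
  "postfix-mailcow": {
    "security_opt": ["label:disable"],
    "ports": [{"mode": "ingress", "target": 25,
               "published": "25", "protocol": "tcp"},
              "587:587"]
  }
}}
""")

if __name__ == "__main__":
    for service, finding, detail in audit(SAMPLE):
        print(f"{service:20} {finding:28} {detail}")
```

Each reported service is one where host-level confinement or exposure differs from the default, which makes the list a starting point for reviewing the overrides before a rootless deployment goes to production.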

@DerLinkman
Member

DerLinkman commented Jan 13, 2023

Hi, thanks for that.

I'm not 100% convinced that we'll implement this into the mailcow source code soon.

There are too many differences or changes regarding the container engine in my opinion.

The problem here is that you've only tested this on Fedora systems (which of course work, as Podman is a Red Hat-created utility). If you test this on more OSes (those which are definitely supported, like Ubuntu etc.) we can think about it.

What we can do in general is a guide in our documentation, done similarly to the mailman guide in that documentation, so that users can do that if they want without breaking anything for all non-interested users.

@rlenferink
Author

rlenferink commented Jan 16, 2023

Hi @DerLinkman, thanks for replying!

> I'm not 100% convinced that we'll implement this into the mailcow source code soon.
>
> There are too many differences or changes regarding the container engine in my opinion.

I am curious about your experience with podman/RedHat based systems (honestly interested!). My container world experience started with Docker for quite a long time, but recently I am converting/updating parts of my home setup to podman.

When using the CLI, most users even have alias docker=podman in place, since the pull, push, build, commit, tag, run etc.. commands that Docker has, work with podman as well.

The same goes for the Docker API. Podman is created to be a replacement of Docker with a compatible API. Some parts (e.g. the --dns option: containers/podman#16297 and the oom_killer option) but the options mailcow uses seem to be implemented.

> The problem here is that you've only tested this on Fedora systems (which of course work, as Podman is a Red Hat-created utility). If you test this on more OSes (those which are definitely supported, like Ubuntu etc.) we can think about it.

Good idea, that is indeed something I did not do. Based on your suggestion I set up an Ubuntu 22.04 VM with docker and docker-compose installed to test whether things are still working, and things were :) All the containers were started, in the mailcow UI I could add a domain and create a mailbox, which I could sign in with to SOGo and send an e-mail. Signing in and seeing the folders (Inbox, Sent, Trash ..) means dovecot works and I could successfully send an e-mail to someone else (postfix working as well).

I followed the steps and didn't have to make any manual changes. See my test log below.

Test log of 'add-podman-support' branch on Ubuntu

Preconditions:

root@ubuntu-vm3:~# cat /etc/lsb-release
DISTRIB_ID=Ubuntu
DISTRIB_RELEASE=22.04
DISTRIB_CODENAME=jammy
DISTRIB_DESCRIPTION="Ubuntu 22.04.1 LTS"

root@ubuntu-vm3:~# docker --version 
Docker version 20.10.22, build 3a2c30b

root@ubuntu-vm3:~# docker-compose --version
Docker Compose version v2.15.1

root@ubuntu-vm3:~# ufw status 
Status: inactive

root@ubuntu-vm3:~# cd /opt
root@ubuntu-vm3:/opt# git clone https://github.com/mailcow/mailcow-dockerized.git
root@ubuntu-vm3:/opt# cd mailcow-dockerized/
root@ubuntu-vm3:/opt/mailcow-dockerized# git remote add rlenferink https://github.com/rlenferink/mailcow-dockerized.git

root@ubuntu-vm3:/opt/mailcow-dockerized# git remote -v
origin	https://github.com/mailcow/mailcow-dockerized (fetch)
origin	https://github.com/mailcow/mailcow-dockerized (push)
rlenferink	https://github.com/rlenferink/mailcow-dockerized.git (fetch)
rlenferink	https://github.com/rlenferink/mailcow-dockerized.git (push)

root@ubuntu-vm3:/opt/mailcow-dockerized# git fetch --all
root@ubuntu-vm3:/opt/mailcow-dockerized# git checkout add-podman-support 

# Required because we want to test the podman branch and not automatically switch to master
root@ubuntu-vm3:/opt/mailcow-dockerized# export MAILCOW_BRANCH=add-podman-support

root@ubuntu-vm3:/opt/mailcow-dockerized# ./generate_config.sh 
Found Docker container engine.
Found Docker Compose Standalone.
Setting the DOCKER_COMPOSE_VERSION Variable to standalone
Notice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.
Press enter to confirm the detected value '[value]' where applicable or enter a custom value.
Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname: mail.ubuntu-vm3.loc
Timezone [Etc/UTC]: Europe/Amsterdam
Which branch of mailcow do you want to use?

Available Branches:
- master branch (stable updates) | default, recommended [1]
- nightly branch (unstable updates, testing) | not-production ready [2]
Fetching origin
Fetching rlenferink
Already on 'add-podman-support'
Your branch is up to date with 'rlenferink/add-podman-support'.
Generating snake-oil certificate...
....+..<snip>
-----
Copying snake-oil certificate...

# Intentionally use the docker compose commands below (instead of the mailcow-compose.sh wrapper)
# to demonstrate that the changes in this pull request are backwards compatible

root@ubuntu-vm3:/opt/mailcow-dockerized# docker-compose pull

root@ubuntu-vm3:/opt/mailcow-dockerized# docker-compose up -d
[+] Running 32/33
 ⠿ Network mailcowdockerized_mailcow-network                       Created            0.2s
 ⠿ Volume "mailcowdockerized_vmail-vol-1"                          Created            0.1s
 ⠿ Volume "mailcowdockerized_vmail-index-vol-1"                    Created            0.0s
 ⠿ Volume "mailcowdockerized_mysql-vol-1"                          Created            0.0s
 ⠿ Volume "mailcowdockerized_clamd-db-vol-1"                       Created            0.1s
 ⠿ Volume "mailcowdockerized_redis-vol-1"                          Created            0.3s
 ⠿ Volume "mailcowdockerized_postfix-vol-1"                        Created            0.0s
 ⠿ Volume "mailcowdockerized_mysql-socket-vol-1"                   Created            0.0s
 ⠿ Volume "mailcowdockerized_sogo-web-vol-1"                       Created            0.0s
 ⠿ Volume "mailcowdockerized_sogo-userdata-backup-vol-1"           Created            0.0s
 ⠿ Volume "mailcowdockerized_crypt-vol-1"                          Created            0.0s
 ⠿ Volume "mailcowdockerized_rspamd-vol-1"                         Created            0.0s
 ⠿ Volume "mailcowdockerized_solr-vol-1"                           Created            0.0s
 ⠿ Container mailcowdockerized-memcached-mailcow-1                 Started           19.6s
 ⠿ Container mailcowdockerized-redis-mailcow-1                     Started           15.9s
 ⠿ Container mailcowdockerized-unbound-mailcow-1                   Started           13.9s
 ⠿ Container mailcowdockerized-watchdog-mailcow-1                  Started           15.1s
 ⠿ Container mailcowdockerized-dockerapi-mailcow-1                 Started           18.1s
 ⠿ Container mailcowdockerized-olefy-mailcow-1                     Started           15.2s
 ⠿ Container mailcowdockerized-sogo-mailcow-1                      Started           16.9s
 ⠿ Container mailcowdockerized-solr-mailcow-1                      Started           17.5s
 ⠇ dockerapi-mailcow Your kernel does not support OomKillDisable. OomKillDisable discarded.    0.0s
 ⠿ Container mailcowdockerized-php-fpm-mailcow-1                   Started           18.1s
 ⠿ Container mailcowdockerized-mysql-mailcow-1                     Started           16.1s
 ⠿ Container mailcowdockerized-clamd-mailcow-1                     Started           18.4s
 ⠿ Container mailcowdockerized-dovecot-mailcow-1                   Started           18.2s
 ⠿ Container mailcowdockerized-postfix-mailcow-1                   Started           17.5s
 ⠿ Container mailcowdockerized-nginx-mailcow-1                     Started           21.2s
 ⠿ Container mailcowdockerized-acme-mailcow-1                      Started           21.8s
 ⠿ Container mailcowdockerized-ofelia-mailcow-1                    Started           21.0s
 ⠿ Container mailcowdockerized-rspamd-mailcow-1                    Started           21.4s
 ⠿ Container mailcowdockerized-netfilter-mailcow-1                 Started           18.6s
 ⠿ Container mailcowdockerized-ipv6nat-mailcow-1                   Started           21.1s


# Execute the update script (to demonstrate it still works).
#
# There are some git errors in it below, but that is because a custom branch and
# non-origin upstream (rlenferink) is used

root@ubuntu-vm3:/opt/mailcow-dockerized# ./update.sh 
Checking internet connection... OK
Detecting which build your mailcow runs on...
You are receiving updates from a unsupported branch.
The mailcow stack might still work but it is recommended to switch to the master branch (stable builds).
To change that run the update.sh Script one time with the --stable parameter to switch to stable builds.
Checking for newer update script...
error: pathspec 'origin/add-podman-support' did not match any file(s) known to git
Are you sure you want to update mailcow: dockerized? All containers will be stopped. [y/N] y
Native IPv6 implementation available.
This will enable experimental features in the Docker daemon and configure Docker to do the IPv6 NATing instead of ipv6nat-mailcow.
!!! This step is recommended !!!
mailcow will try to roll back the changes if starting Docker fails after modifying the daemon.json configuration file.
Should we try to enable the native IPv6 implementation in Docker now (recommended)? [y/N] n
OK, skipping this step.
Validating docker-compose stack configuration...
Executing: docker-compose  config -q 
Checking for conflicting bridges...
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Saving diff to update_diffs/diff_before_update_2023-01-14-11-23-13...
Prefetching images...
fatal: invalid object name 'origin/add-podman-support'.
Stopping mailcow...
Executing: docker-compose  down 
[+] Running 20/20
 ⠿ Container mailcowdockerized-olefy-mailcow-1        Removed        10.3s
 ⠿ Container mailcowdockerized-ipv6nat-mailcow-1      Removed        0.1s
 ⠿ Container mailcowdockerized-ofelia-mailcow-1       Removed        0.3s
 ⠿ Container mailcowdockerized-watchdog-mailcow-1     Removed        0.5s
 ⠿ Container mailcowdockerized-netfilter-mailcow-1    Removed        0.5s
 ⠿ Container mailcowdockerized-rspamd-mailcow-1       Removed        0.7s
 ⠿ Container mailcowdockerized-acme-mailcow-1         Removed        0.6s
 ⠿ Container mailcowdockerized-memcached-mailcow-1    Removed        1.0s
 ⠿ Container mailcowdockerized-solr-mailcow-1         Removed        1.1s
 ⠿ Container mailcowdockerized-clamd-mailcow-1        Removed        0.7s
 ⠿ Container mailcowdockerized-dockerapi-mailcow-1    Removed        10.4s
 ⠿ Container mailcowdockerized-postfix-mailcow-1      Removed        2.3s
 ⠿ Container mailcowdockerized-nginx-mailcow-1        Removed        0.5s
 ⠿ Container mailcowdockerized-dovecot-mailcow-1      Removed        2.3s
 ⠿ Container mailcowdockerized-php-fpm-mailcow-1      Removed        0.3s
 ⠿ Container mailcowdockerized-sogo-mailcow-1         Removed        6.6s
 ⠿ Container mailcowdockerized-redis-mailcow-1        Removed        0.3s
 ⠿ Container mailcowdockerized-mysql-mailcow-1        Removed        0.9s
 ⠿ Container mailcowdockerized-unbound-mailcow-1      Removed        0.2s
 ⠿ Network mailcowdockerized_mailcow-network          Removed        0.1s
Checking for remaining containers...
Committing current status...
Fetching updated code from remote...
Merging local with remote code (recursive, strategy: "theirs", options: "patience"...
Already up to date.
Fetching new images, if any...
Executing: docker-compose  pull 
[+] Running 19/19
 ⠿ unbound-mailcow Pulled       1.0s
 ⠿ nginx-mailcow Pulled         1.4s
 ⠿ mysql-mailcow Pulled         1.4s
 ⠿ ofelia-mailcow Pulled        1.5s
 ⠿ watchdog-mailcow Pulled      1.0s
 ⠿ clamd-mailcow Pulled         1.4s
 ⠿ sogo-mailcow Pulled          1.4s
 ⠿ redis-mailcow Pulled         1.5s
 ⠿ rspamd-mailcow Pulled        1.3s
 ⠿ postfix-mailcow Pulled       1.3s
 ⠿ olefy-mailcow Pulled         1.3s
 ⠿ netfilter-mailcow Pulled     1.4s
 ⠿ solr-mailcow Pulled          1.4s
 ⠿ ipv6nat-mailcow Pulled       1.5s
 ⠿ acme-mailcow Pulled          1.3s
 ⠿ dovecot-mailcow Pulled       1.3s
 ⠿ dockerapi-mailcow Pulled     1.4s
 ⠿ memcached-mailcow Pulled     1.5s
 ⠿ php-fpm-mailcow Pulled       1.4s
Checking IPv6 settings... 
Starting mailcow...
Executing: docker-compose  up -d --remove-orphans 
[+] Running 20/21
 ⠿ Network mailcowdockerized_mailcow-network            Created        0.0s
 ⠿ Container mailcowdockerized-watchdog-mailcow-1       Started        1.8s
 ⠿ Container mailcowdockerized-sogo-mailcow-1           Started        1.8s
 ⠿ Container mailcowdockerized-redis-mailcow-1          Started        1.3s
 ⠿ Container mailcowdockerized-solr-mailcow-1           Started        1.6s
 ⠿ Container mailcowdockerized-memcached-mailcow-1      Started        1.1s
 ⠿ Container mailcowdockerized-dockerapi-mailcow-1      Started        1.7s
 ⠿ Container mailcowdockerized-unbound-mailcow-1        Started        1.5s
 ⠿ Container mailcowdockerized-olefy-mailcow-1          Started        1.3s
 ⠼ dockerapi-mailcow Your kernel does not support OomKillDisable. OomKillDisable discarded.   0.0s
 ⠿ Container mailcowdockerized-mysql-mailcow-1          Started        2.3s
 ⠿ Container mailcowdockerized-clamd-mailcow-1          Started        2.1s
 ⠿ Container mailcowdockerized-php-fpm-mailcow-1        Started        1.8s
 ⠿ Container mailcowdockerized-dovecot-mailcow-1        Started        3.3s
 ⠿ Container mailcowdockerized-postfix-mailcow-1        Started        3.4s
 ⠿ Container mailcowdockerized-nginx-mailcow-1          Started        2.3s
 ⠿ Container mailcowdockerized-acme-mailcow-1           Started        3.2s
 ⠿ Container mailcowdockerized-rspamd-mailcow-1         Started        4.0s
 ⠿ Container mailcowdockerized-ofelia-mailcow-1         Started        4.0s
 ⠿ Container mailcowdockerized-netfilter-mailcow-1      Started        3.4s
 ⠿ Container mailcowdockerized-ipv6nat-mailcow-1        Started        4.0s
Collecting garbage...

After this, all containers run and mailcow can be used.

> What we can do in general is a guide in our documentation, done similarly to the mailman guide in that documentation, so that users can do that if they want without breaking anything for all non-interested users.

To be honest, since this change is backwards compatible (the extra functionality is not used in case of Docker and therefore this change is backwards compatible) I am more inclined to have this added to mailcow. This is to make it easier for users (myself included) to keep using mailcow and update to newer versions later on.

We could add a note to the generate_config.sh and update.sh saying something like Note: Support for podman is experimental (only in case podman is detected as container engine).

@DerLinkman
Member

Hi, thank you for testing and giving feedback on my concerns.

To be honest with you I haven't tested podman with mailcow on any system yet.

But I will of course before approving this.

> We could add a note to the generate_config.sh and update.sh saying something like Note: Support for podman is experimental (only in case podman is detected as container engine).

That sounds like a good idea which I'll be fine with :)

@DerLinkman DerLinkman added this to the 2023 milestone Jan 16, 2023
generate_config.sh Outdated
@rlenferink
Author

> To be honest with you I haven't tested podman with mailcow on any system yet.
>
> But I will of course before approving this.

Do you need/want instructions on how I got mailcow running (rootless) on e.g. Fedora? (or Rocky Linux) (fresh installation)

> We could add a note to the generate_config.sh and update.sh saying something like Note: Support for podman is experimental (only in case podman is detected as container engine).
>
> That sounds like a good idea which I'll be fine with :)

Done! Also rebased on top of 'staging' due to merge conflicts.

@rlenferink
Author

> Do you need/want instructions on how I got mailcow running (rootless) on e.g. Fedora? (or Rocky Linux) (fresh installation)

Here are the steps I executed for running mailcow on a fresh Rocky Linux 9.1 installation.

Steps for running mailcow using podman on Rocky Linux 9.1

Prerequisites

  • Download Rocky Linux
  • Install Rocky Linux (in my case a VM with 4 CPUs and 8 GB RAM)
    • Software Selection/Base environment: Minimal install
    • Users: Enter a password for the root user and create another user which we'll use for running mailcow using podman (in my case 'rlenferink').

Note: some steps below are the volatile options (e.g. setting environment variables or sysctl options).
In case persistency across reboots or different shells is needed, then execute the appropriate steps for that.

# Install git and patch
[root@rocky-vm2 ~]# dnf install git patch

# Install podman + docker-compose
[root@rocky-vm2 ~]# dnf install podman
[root@rocky-vm2 ~]# curl -SL https://github.com/docker/compose/releases/download/v2.15.1/docker-compose-linux-x86_64 -o /usr/local/bin/docker-compose
[root@rocky-vm2 ~]# chmod 755 /usr/local/bin/docker-compose

# Set the correct sysctl options (volatile; if persistence is needed the internet definitely has tutorials for it :-) )
[root@rocky-vm2 ~]# sysctl net.ipv4.ip_unprivileged_port_start=25
[root@rocky-vm2 ~]# sysctl net.core.somaxconn=4096

# For this demo, don't configure a firewall and just stop it
[root@rocky-vm2 ~]# systemctl stop firewalld

# Test podman (root user)
[root@rocky-vm2 ~]# podman run --rm hello-world

# Enable lingering (to 'login' the user automatically after system startup)
[root@rocky-vm2 ~]# loginctl enable-linger rlenferink

# Further steps are executed as rootless user
[root@rocky-vm2 ~]# sudo su - rlenferink

# Re-test whether podman works for the rootless user (separate storage directories per user)
[rlenferink@rocky-vm2 ~]$ podman run --rm hello-world

# Ensure the podman.sock is available for usage for mailcow
[rlenferink@rocky-vm2 ~]$ export XDG_RUNTIME_DIR=/run/user/$(id -u)
[rlenferink@rocky-vm2 ~]$ systemctl --user enable --now podman.socket
[rlenferink@rocky-vm2 ~]$ export DOCKER_HOST=unix:///run/user/$(id -u)/podman/podman.sock

# Start with the mailcow steps (store things in the home directory, but this can be any directory readable/writable by the user)

[rlenferink@rocky-vm2 ~]$ mkdir ~/mailcow-data
[rlenferink@rocky-vm2 ~]$ git clone https://github.com/mailcow/mailcow-dockerized.git
[rlenferink@rocky-vm2 ~]$ cd mailcow-dockerized/
[rlenferink@rocky-vm2 mailcow-dockerized]$ git remote add rlenferink https://github.com/rlenferink/mailcow-dockerized.git
[rlenferink@rocky-vm2 mailcow-dockerized]$ git fetch --all
[rlenferink@rocky-vm2 mailcow-dockerized]$ git checkout add-podman-support

[rlenferink@rocky-vm2 mailcow-dockerized]$ ./generate_config.sh --dev
Found Podman container engine.
NOTE: Support for Podman is experimental, consider this before deploying to production! 
Found Docker Compose Standalone.
Setting the DOCKER_COMPOSE_VERSION Variable to standalone
Notice: For an automatic update of docker-compose please use the update_compose.sh scripts located at the helper-scripts folder.
Press enter to confirm the detected value '[value]' where applicable or enter a custom value.
Mail server hostname (FQDN) - this is not your mail domain, but your mail servers hostname: mail.rocky-vm2.loc
Timezone [Europe/Amsterdam]: 
Enabled Dev Mode.
Not checking out a different branch!
patching file docker-compose.yml
Generating snake-oil certificate...
...+........<snip>
-----
Copying snake-oil certificate...

[rlenferink@rocky-vm2 mailcow-dockerized]$ ./mailcow-compose.sh pull
[rlenferink@rocky-vm2 mailcow-dockerized]$ ./mailcow-compose.sh up -d

Hope it helps you :)
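
The prerequisites from the walkthrough above, collected into a preflight check. This is an added example, not part of the original comment or of mailcow, and all function names are hypothetical. It verifies the two sysctl values, lingering, and that DOCKER_HOST points at the invoking user's rootless podman.sock.

```shell
#!/bin/sh
# Added example: preflight checks for the rootless Podman steps above.
# All function names are hypothetical; nothing here is part of mailcow.

# Rootless containers must bind SMTP on port 25, so the lowest
# unprivileged port has to be 25 or lower.
port_start_ok() { [ "$1" -le 25 ] 2>/dev/null; }

# The walkthrough raises the listen backlog to 4096.
somaxconn_ok() { [ "$1" -ge 4096 ] 2>/dev/null; }

# Print the socket path from a unix:// DOCKER_HOST; fail on tcp:// or empty.
socket_from_docker_host() {
  case "$1" in
    unix:///*) printf '%s\n' "${1#unix://}" ;;
    *) return 1 ;;
  esac
}

# Socket path the walkthrough exports in DOCKER_HOST for a given UID.
rootless_socket_for() { printf '/run/user/%s/podman/podman.sock\n' "$1"; }

# Parse the output of `loginctl show-user NAME --property=Linger`.
linger_ok() { [ "$1" = "Linger=yes" ]; }

preflight() {
  pf_rc=0; pf_uid=$(id -u); pf_user=$(id -un)
  [ "$pf_uid" -ne 0 ] || { echo "FAIL: run as the rootless user, not root"; pf_rc=1; }
  port_start_ok "$(sysctl -n net.ipv4.ip_unprivileged_port_start)" ||
    { echo "FAIL: ip_unprivileged_port_start is above 25"; pf_rc=1; }
  somaxconn_ok "$(sysctl -n net.core.somaxconn)" ||
    { echo "FAIL: net.core.somaxconn is below 4096"; pf_rc=1; }
  linger_ok "$(loginctl show-user "$pf_user" --property=Linger 2>/dev/null)" ||
    { echo "FAIL: lingering is not enabled for $pf_user"; pf_rc=1; }
  pf_sock=$(socket_from_docker_host "${DOCKER_HOST:-}") ||
    { echo "FAIL: DOCKER_HOST is not a unix:// socket"; pf_rc=1; }
  [ "$pf_sock" = "$(rootless_socket_for "$pf_uid")" ] ||
    { echo "FAIL: DOCKER_HOST does not point at this user's podman.sock"; pf_rc=1; }
  [ -S "$pf_sock" ] || { echo "FAIL: '$pf_sock' is not a socket"; pf_rc=1; }
  # The demo stops firewalld; flag that before exposing the host.
  systemctl is-active --quiet firewalld ||
    echo "WARN: firewalld is not active; confirm host filtering first"
  return "$pf_rc"
}

# Run the checks only when asked, e.g. `sh preflight.sh --run`.
if [ "${1:-}" = "--run" ]; then preflight; fi
```

Run it as the rootless user after the export lines, since it reads DOCKER_HOST from the environment.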

@climba03003

Thanks.
Since [email protected], the dns can be used without problem.

You can try with the latest version by

dnf copr enable rhcontainerbot/podman-next -y
dnf install podman podman-py -y

@DerLinkman
Member

DerLinkman commented Feb 15, 2023

Still interested, don't get me wrong! I was thinking about the implementation phase... what if we start to enroll this for all nightly users first. With this we can get reports of bugs without risking critical issues on productive used systems.

I could imagine to enroll the nightly demo with podman to give the public (who don't want or can't install a dedicated nightly build) the chance to search for bugs ui/systemwise.

That would make the most sense I think. Similar as we did the upgrade of the UI to Bootstrap 5.

And you/we have the possibilities to commit those changes in here to have a clean cut later for the production branch.

@rlenferink
Author

Still interested, don't get me wrong! I was thinking about the implementation phase... what if we start to enroll this for all nightly users first. With this we can get reports of bugs without risking critical issues on productive used systems.

I could imagine to enroll the nightly demo with podman to give the public (who don't want or can't install a dedicated nightly build) the chance to search for bugs ui/systemwise.

That would make the most sense I think. Similar as we did the upgrade of the UI to Bootstrap 5.

And you/we have the possibilities to commit those changes in here to have a clean cut later for the production branch.

I was not completely sure about the Mailcow branching flow. I noticed an automated job from staging to nightly, so that was my reason to target the mailcow:staging branch. But I understand it is nightly -> staging -> master, am I correct?

I surely am okay with merging this in the nightly branch.

Just for my information: how often is nightly merged to staging and staging to master ?

@DerLinkman how do we continue with this? Probably I have to solve the merge conflicts :), after that change the target branch to nightly and after that (or in the meantime?) you can do a review ?

@rlenferink
Author

Thanks. Since [email protected], the dns can be used without problem.

Thanks! I also noticed the PR adding the --dns support being merged (containers/podman#16297).

However, I think it might be good to start with what @DerLinkman suggested and get this PR into the nightly branch first. And in the meantime extend the mailcow podman functionality with the newer podman version (since it is not widely rolled out yet). On Fedora Podman 4.4.1 is already available in the stable repo, but I expect that it will still take another 2/3 months before it will be included in a new Rocky Linux release (without manually changing repos).

@rlenferink rlenferink changed the base branch from staging to nightly February 24, 2023 13:03
@milkmaker
Collaborator

Thanks for contributing!

I noticed that you didn't select staging as your base branch. Please change the base branch to staging.
See the attached picture on how to change the base branch to staging:


@rlenferink
Author

@DerLinkman I resolved the merge conflicts and changed the base branch to nightly, however the CI check is complaining. Is that expected?

@DerLinkman
Member

@DerLinkman I resolved the merge conflicts and changed the base branch to nightly, however the CI check is complaining. Is that expected?

Yes that's normal.

Thanks next week we can plan the integration process.

@milkmaker
Collaborator

This pull request has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

@milkmaker milkmaker added the stale Please update the issue with current status, unclear if it's still open/needed. label Apr 25, 2023
@mnaggatz

Is there any progress? Can I help to test?

@milkmaker milkmaker removed the stale Please update the issue with current status, unclear if it's still open/needed. label Apr 25, 2023
@rlenferink
Author

@DerLinkman currently this PR has some merge conflicts which (again) need to be resolved. I am willing to do that, but it would help me if there is a known date where this will be reviewed/tested. In #4982 (comment) we said 'somewhere next week' which at the moment is already two months ago.

Since resolving these conflicts and retesting is quite time consuming for me I would appreciate a timeline.

@mnaggatz I definitely welcome testers of this PR, thanks for offering! For testing podman support, you can use the instructions in #4982 (comment) which I wrote for testing it on a Rocky Linux 9.1 system (I tested it on Fedora and RHEL, but it might also work on other distros with podman installed). One thing I noticed while testing/running mailcow is that docker vs podman networking differ a bit. Docker mostly uses iptables (+ some additional magic), where with podman on a RedHat distro firewalld is used. I cannot completely figure out how to prevent mailcow acting as an open relay in that scenario (hence the initial message in the generate_config.sh: Support for podman is experimental 😄)

@LiaraAlis

I would like to test the changes because I also want to use mailcow with podman. But unfortunately I cannot help fixing the merge conflicts.

@fpauser

fpauser commented Aug 17, 2023

Any news on this? Podman support would be super useful!

@DerLinkman
Member

Any news on this? Podman support would be super useful!

Not planned for now :/

@DerLinkman DerLinkman marked this pull request as draft August 17, 2023 20:30
@DerLinkman DerLinkman force-pushed the nightly branch 3 times, most recently from d410a6f to 4014683 Compare February 8, 2024 11:42
@durehed

durehed commented Apr 10, 2024

Are there any plans for work on podman support any time soon?

@richardweinberger

I'm evaluating mailcow right now and I really would like to use it with podman and not docker.
Is there anything I can do to help with this PR?

@DerLinkman
Member

DerLinkman commented Nov 11, 2024

We need tests, tests, tests.
Plus the dockerapi needs to be rewritten I guess. Is podman with Docker's API cross compatible? I don't think so.

I have no time currently (maybe soon) to experiment around with this pr.

@larena1

larena1 commented Nov 11, 2024

It actually is compatible. The problem is more that podman and podman-compose version can vary drastically between different OS

@DerLinkman
Member

It actually is compatible. The problem is more that podman and podman-compose version can vary drastically between different OS

Then if, we made it podman compatible and only if we need to "force" a way to install podman like we did with docker (from their repos etc.). But again, no promises, that mailcow will ever be podman ready so to say.

@richardweinberger

It actually is compatible. The problem is more that podman and podman-compose version can vary drastically between different OS

Well, requiring a non-ancient version shouldn't be a big deal.
